HK2 MethodInterceptor with Jersey resource

https://stackoverflow.com/questions/22275562

11-06-2023
|

Question

How can I set up an aop MethodInterceptor to work with Jersey resources?

Here is what I've tried, following this documentation:

Step 1 - InterceptionService

public class MyInterceptionService implements InterceptionService
{
    private final Provider<AuthFilter> authFilterProvider;

    @Inject
    public HK2MethodInterceptionService(Provider<AuthFilter> authFilterProvider)
    {
        this.authFilterProvider = authFilterProvider;
    }

    /**
     * Match any class.
     */
    @Override
    public Filter getDescriptorFilter()
    {
        return BuilderHelper.allFilter();
    }

    /**
     * Intercept all Jersey resource methods for security.
     */
    @Override
    @Nullable
    public List<MethodInterceptor> getMethodInterceptors(final Method method)
    {
        // don't intercept methods with PermitAll
        if (method.isAnnotationPresent(PermitAll.class))
        {
            return null;
        }

        return Collections.singletonList(new MethodInterceptor()
        {
            @Override
            public Object invoke(MethodInvocation methodInvocation) throws Throwable
            {
                if (!authFilterProvider.get().isAllowed(method))
                {
                    throw new ForbiddenException();
                }

                return methodInvocation.proceed();
            }
        });
    }

    /**
     * No constructor interception.
     */
    @Override
    @Nullable
    public List<ConstructorInterceptor> getConstructorInterceptors(Constructor<?> constructor)
    {
        return null;
    }
}

Step 2 - Register the service

public class MyResourceConfig extends ResourceConfig
{
    public MyResourceConfig()
    {
        packages("package.with.my.resources");

        // UPDATE: answer is remove this line
        register(MyInterceptionService.class);

        register(new AbstractBinder()
        {
            @Override
            protected void configure()
            {
                bind(AuthFilter.class).to(AuthFilter.class).in(Singleton.class);

                // UPDATE: answer is add the following line
                // bind(MyInterceptionService.class).to(InterceptionService.class).in(Singleton.class);
            }
        });
    }
}

However this doesn't appear to work because none of my resource methods are being intercepted. Could this be because I use @ManagedAsync with all of my resources? Any ideas?

Also, please do not suggest a ContainerRequestFilter. See this question for why I can't use one to handle security.

Solution

I think that rather than calling register(MyInterceptionService.class) you might want to instead add into your configure() statement:

bind(MyInterceptionService.class).to(InterceptionService.class).in(Singleton.class)

I am not sure it will work as I have not tried it myself so your results may vary lol

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow